Privacy Policy - AdmissusCasePRIVACY — Privacy and Data Processing Policy 1. What data we collect 1.1. Donor data 1.2. Payment data 1.3. Communications 1.4. Technical data 1.5. Optional (demo/forms) 2. Purposes and legal bases of processing 3. Cookies and analytics 4. Data retention 5. Recipients and processors Payment providers Hosting / IT infrastructure E-mail / transactional messages / newsletters 6. International transfers 7. Your rights 8. Security 9. Children 10. Automated decisions 11. Sanctions/KYC/AML inquiries 12. Related documents 13. Changes to this Policy 14. Privacy contactsVersion: 2 November 2025 Who is the data controller: International Legal Initiative Genève (IDE/TVA: CHE‑329.024.359), Place de Longemalle 1, c/o MN & Associés SA, 1204 Genève, Switzerland. Contacts: costbackkz@gmail.com • contact form • +7 778 997‑84‑26 This Policy is prepared in accordance with the nFADP/LPD (Switzerland, effective 01.09.2023) and takes into account the GDPR for users in the EU/EEA. Note on cross‑border transfers: The European Commission recognizes the adequacy of data protection in Switzerland (Art. 45 GDPR) — data may be transferred from the EU to Switzerland without additional safeguards. Name, e‑mail, amount/currency, frequency, country, donor's message; for corporate sponsors — legal entity/position; technical identifiers of the transaction/account. Card details and authentication are processed by the payment provider (e.g., Stripe) on its infrastructure; we receive only tokens/identifiers/statuses and do not store card numbers. Correspondence, submissions (including the contact form/demo). IP address, user agent, basic cookies/pixels (strictly necessary; analytics only with consent). A brief description of your case/question (please do not provide sensitive data unless required). For users in the EU/EEA, the legal bases under Art. 6 GDPR apply (contract/LI/legal obligations/consent). For users in Switzerland — the nFADP/LPD and implementing ordinances (FDPO). We use strictly necessary cookies (session, security, anti‑bot). Analytics cookies are used only with your consent. For the EU/EEA, prior‑consent rules apply. We do not sell personal data. Data may be processed by the following categories of recipients (under DPAs and appropriate security measures): Stripe Payments Europe — acquiring/3‑D Secure/anti‑fraud. Replit, Inc. (USA) — website hosting and application runtime. Processing is governed by Replit's Data Processing Addendum (DPA). Replit maintains a public list of its subprocessors (including Google and Microsoft Azure for cloud infrastructure). Where personal data is transferred to the United States, we rely on the EU Standard Contractual Clauses (SCCs) (and, where relevant, the UK Addendum/Swiss Addendum) together with appropriate supplementary measures. Google (Gmail/Workspace) — we currently use the mailbox costbackkz@gmail.com for incoming and outgoing communications. Where Google Workspace accounts are used under a Data Processing Amendment, Google acts as our processor; where consumer Gmail is used, Google may act as an independent controller for certain processing under its Privacy Policy. Data may be processed in the EU (Google Ireland Ltd.) and the United States (Google LLC). International transfers are safeguarded by the EU Standard Contractual Clauses (and, where applicable, the UK Addendum/Swiss Addendum and the EU-US Data Privacy Framework). Core infrastructure is located in the EU/Switzerland. If a given provider processes data outside the EU/CH, we apply legal mechanisms: SCCs (EU), adequacy (where available), and supplementary safeguards. For flows EU → Switzerland, the adequacy decision applies. Within the limits of applicable law, you may request: access, rectification, erasure, restriction, objection (including to analytics/marketing), portability, and withdrawal of consent. Please send requests to costbackkz@gmail.com (or via the "Privacy / GDPR Request" form). We respond within a reasonable time (for the EU — typically within 30 days). Supervisory authorities: We implement technical and organizational measures: encryption in transit and at rest, access control (RBAC/MFA), logging, backups, vulnerability and incident management, and data minimization; measures are adjusted based on risks under the FDPO. Payment data is processed by the provider on its secure infrastructure; we do not store full card details. The website and donations are not intended for individuals under 18; we do not knowingly collect such data. We do not make decisions with legal effects based solely on automated processing without human involvement. Anti‑fraud assessments by the payment provider are carried out with human oversight/appeal. Where risks are indicated, we may request supporting documents (country of residence, source of funds, etc.), and a payment may be suspended/returned in accordance with the law and payment system rules. (This section does not render the Organization a financial intermediary within the meaning of the Swiss AMLA.) Please also review our Terms of Use and Disclaimer for important information about using our website and services. We may update this Policy. Material changes will be announced on the website/by e‑mail. Continued use constitutes acceptance of the updated version. Controller: International Legal Initiative GenèveAddress: Place de Longemalle 1, c/o MN & Associés SA, 1204 Genève, SwitzerlandE‑mail: costbackkz@gmail.comDonations and record‑keeping (acceptance, confirmations, reconciliation, reporting): performance of a contract/legitimate interests/legal obligations. Communications (responses to inquiries; project news — only with opt‑in): consent/legitimate interests. Security and anti‑fraud (sanctions/risk checks by the payment provider, abuse prevention): legitimate interests/legal obligations. Compliance with law (KYC/sanctions where necessary; accounting and tax obligations): legal obligations. Finance/accounting for donations: at least 10 years (Art. 958f CO/OR; the period is calculated from the end of the financial year). Subscriptions/newsletters: as long as the subscription remains active or until you unsubscribe. Security/access logs: typically up to 12 months (longer where there is an incident/legal necessity). Demo/contact requests: up to 24 months or upon your deletion request where no legal retention duty applies. Switzerland — FDPIC, Feldeggweg 1, CH‑3003 Bern. EU/EEA — your local data protection authority.
Back to Home
PRIVACY — Privacy and Data Processing Policy
Version: 2 November 2025
Who is the data controller: International Legal Initiative Genève (IDE/TVA: CHE‑329.024.359), Place de Longemalle 1, c/o MN & Associés SA, 1204 Genève, Switzerland.
Contacts: costbackkz@gmail.com • contact form • +7 778 997‑84‑26
This Policy is prepared in accordance with the nFADP/LPD (Switzerland, effective 01.09.2023) and takes into account the GDPR for users in the EU/EEA.
Note on cross‑border transfers: The European Commission recognizes the adequacy of data protection in Switzerland (Art. 45 GDPR) — data may be transferred from the EU to Switzerland without additional safeguards.
1. What data we collect
1.1. Donor data
Name, e‑mail, amount/currency, frequency, country, donor's message; for corporate sponsors — legal entity/position; technical identifiers of the transaction/account.
1.2. Payment data
Card details and authentication are processed by the payment provider (e.g., Stripe) on its infrastructure; we receive only tokens/identifiers/statuses and do not store card numbers.
1.3. Communications
Correspondence, submissions (including the contact form/demo).
1.4. Technical data
IP address, user agent, basic cookies/pixels (strictly necessary; analytics only with consent).
1.5. Optional (demo/forms)
A brief description of your case/question (please do not provide sensitive data unless required).
2. Purposes and legal bases of processing
Donations and record‑keeping (acceptance, confirmations, reconciliation, reporting): performance of a contract/legitimate interests/legal obligations.
Communications (responses to inquiries; project news — only with opt‑in): consent/legitimate interests.
Security and anti‑fraud (sanctions/risk checks by the payment provider, abuse prevention): legitimate interests/legal obligations.
Compliance with law (KYC/sanctions where necessary; accounting and tax obligations): legal obligations.
For users in the EU/EEA, the legal bases under Art. 6 GDPR apply (contract/LI/legal obligations/consent). For users in Switzerland — the nFADP/LPD and implementing ordinances (FDPO).
3. Cookies and analytics
We use strictly necessary cookies (session, security, anti‑bot). Analytics cookies are used only with your consent. For the EU/EEA, prior‑consent rules apply.
4. Data retention
Finance/accounting for donations: at least 10 years (Art. 958f CO/OR; the period is calculated from the end of the financial year).
Subscriptions/newsletters: as long as the subscription remains active or until you unsubscribe.
Security/access logs: typically up to 12 months (longer where there is an incident/legal necessity).
Demo/contact requests: up to 24 months or upon your deletion request where no legal retention duty applies.
5. Recipients and processors
We do not sell personal data. Data may be processed by the following categories of recipients (under DPAs and appropriate security measures):
Payment providers
Stripe Payments Europe — acquiring/3‑D Secure/anti‑fraud.
Hosting / IT infrastructure
Replit, Inc. (USA) — website hosting and application runtime. Processing is governed by Replit's Data Processing Addendum (DPA). Replit maintains a public list of its subprocessors (including Google and Microsoft Azure for cloud infrastructure). Where personal data is transferred to the United States, we rely on the EU Standard Contractual Clauses (SCCs) (and, where relevant, the UK Addendum/Swiss Addendum) together with appropriate supplementary measures.
E-mail / transactional messages / newsletters
Google (Gmail/Workspace) — we currently use the mailbox costbackkz@gmail.com for incoming and outgoing communications. Where Google Workspace accounts are used under a Data Processing Amendment, Google acts as our processor; where consumer Gmail is used, Google may act as an independent controller for certain processing under its Privacy Policy. Data may be processed in the EU (Google Ireland Ltd.) and the United States (Google LLC). International transfers are safeguarded by the EU Standard Contractual Clauses (and, where applicable, the UK Addendum/Swiss Addendum and the EU-US Data Privacy Framework).
6. International transfers
Core infrastructure is located in the EU/Switzerland. If a given provider processes data outside the EU/CH, we apply legal mechanisms: SCCs (EU), adequacy (where available), and supplementary safeguards. For flows EU → Switzerland, the adequacy decision applies.
7. Your rights
Within the limits of applicable law, you may request: access, rectification, erasure, restriction, objection (including to analytics/marketing), portability, and withdrawal of consent.
Please send requests to costbackkz@gmail.com (or via the "Privacy / GDPR Request" form). We respond within a reasonable time (for the EU — typically within 30 days).
Supervisory authorities:
Switzerland — FDPIC, Feldeggweg 1, CH‑3003 Bern.
EU/EEA — your local data protection authority.
8. Security
We implement technical and organizational measures: encryption in transit and at rest, access control (RBAC/MFA), logging, backups, vulnerability and incident management, and data minimization; measures are adjusted based on risks under the FDPO. Payment data is processed by the provider on its secure infrastructure; we do not store full card details.
9. Children
The website and donations are not intended for individuals under 18; we do not knowingly collect such data.
10. Automated decisions
We do not make decisions with legal effects based solely on automated processing without human involvement. Anti‑fraud assessments by the payment provider are carried out with human oversight/appeal.
11. Sanctions/KYC/AML inquiries
Where risks are indicated, we may request supporting documents (country of residence, source of funds, etc.), and a payment may be suspended/returned in accordance with the law and payment system rules. (This section does not render the Organization a financial intermediary within the meaning of the Swiss AMLA.)
12. Related documents
Please also review our Terms of Use and Disclaimer for important information about using our website and services.
13. Changes to this Policy
We may update this Policy. Material changes will be announced on the website/by e‑mail. Continued use constitutes acceptance of the updated version.
14. Privacy contacts
Controller: International Legal Initiative Genève
Address: Place de Longemalle 1, c/o MN & Associés SA, 1204 Genève, Switzerland
E‑mail: costbackkz@gmail.com
Who is the data controller: International Legal Initiative Genève (IDE/TVA: CHE‑329.024.359), Place de Longemalle 1, c/o MN & Associés SA, 1204 Genève, Switzerland.
This Policy is prepared in accordance with the nFADP/LPD (Switzerland, effective 01.09.2023) and takes into account the GDPR for users in the EU/EEA.
Note on cross‑border transfers: The European Commission recognizes the adequacy of data protection in Switzerland (Art. 45 GDPR) — data may be transferred from the EU to Switzerland without additional safeguards.
1. What data we collect
1.1. Donor data
Name, e‑mail, amount/currency, frequency, country, donor's message; for corporate sponsors — legal entity/position; technical identifiers of the transaction/account.
1.2. Payment data
Card details and authentication are processed by the payment provider (e.g., Stripe) on its infrastructure; we receive only tokens/identifiers/statuses and do not store card numbers.
1.3. Communications
Correspondence, submissions (including the contact form/demo).
1.4. Technical data
IP address, user agent, basic cookies/pixels (strictly necessary; analytics only with consent).
1.5. Optional (demo/forms)
A brief description of your case/question (please do not provide sensitive data unless required).
2. Purposes and legal bases of processing
Donations and record‑keeping (acceptance, confirmations, reconciliation, reporting): performance of a contract/legitimate interests/legal obligations.
Communications (responses to inquiries; project news — only with opt‑in): consent/legitimate interests.
Security and anti‑fraud (sanctions/risk checks by the payment provider, abuse prevention): legitimate interests/legal obligations.
Compliance with law (KYC/sanctions where necessary; accounting and tax obligations): legal obligations.
For users in the EU/EEA, the legal bases under Art. 6 GDPR apply (contract/LI/legal obligations/consent). For users in Switzerland — the nFADP/LPD and implementing ordinances (FDPO).
3. Cookies and analytics
We use strictly necessary cookies (session, security, anti‑bot). Analytics cookies are used only with your consent. For the EU/EEA, prior‑consent rules apply.
4. Data retention
Finance/accounting for donations: at least 10 years (Art. 958f CO/OR; the period is calculated from the end of the financial year).
Subscriptions/newsletters: as long as the subscription remains active or until you unsubscribe.
Security/access logs: typically up to 12 months (longer where there is an incident/legal necessity).
Demo/contact requests: up to 24 months or upon your deletion request where no legal retention duty applies.
5. Recipients and processors
We do not sell personal data. Data may be processed by the following categories of recipients (under DPAs and appropriate security measures):
Payment providers
Stripe Payments Europe — acquiring/3‑D Secure/anti‑fraud.
Hosting / IT infrastructure
Replit, Inc. (USA) — website hosting and application runtime. Processing is governed by Replit's Data Processing Addendum (DPA). Replit maintains a public list of its subprocessors (including Google and Microsoft Azure for cloud infrastructure). Where personal data is transferred to the United States, we rely on the EU Standard Contractual Clauses (SCCs) (and, where relevant, the UK Addendum/Swiss Addendum) together with appropriate supplementary measures.
E-mail / transactional messages / newsletters
Google (Gmail/Workspace) — we currently use the mailbox costbackkz@gmail.com for incoming and outgoing communications. Where Google Workspace accounts are used under a Data Processing Amendment, Google acts as our processor; where consumer Gmail is used, Google may act as an independent controller for certain processing under its Privacy Policy. Data may be processed in the EU (Google Ireland Ltd.) and the United States (Google LLC). International transfers are safeguarded by the EU Standard Contractual Clauses (and, where applicable, the UK Addendum/Swiss Addendum and the EU-US Data Privacy Framework).
6. International transfers
Core infrastructure is located in the EU/Switzerland. If a given provider processes data outside the EU/CH, we apply legal mechanisms: SCCs (EU), adequacy (where available), and supplementary safeguards. For flows EU → Switzerland, the adequacy decision applies.
7. Your rights
Within the limits of applicable law, you may request: access, rectification, erasure, restriction, objection (including to analytics/marketing), portability, and withdrawal of consent.
We implement technical and organizational measures: encryption in transit and at rest, access control (RBAC/MFA), logging, backups, vulnerability and incident management, and data minimization; measures are adjusted based on risks under the FDPO. Payment data is processed by the provider on its secure infrastructure; we do not store full card details.
9. Children
The website and donations are not intended for individuals under 18; we do not knowingly collect such data.
10. Automated decisions
We do not make decisions with legal effects based solely on automated processing without human involvement. Anti‑fraud assessments by the payment provider are carried out with human oversight/appeal.
11. Sanctions/KYC/AML inquiries
Where risks are indicated, we may request supporting documents (country of residence, source of funds, etc.), and a payment may be suspended/returned in accordance with the law and payment system rules. (This section does not render the Organization a financial intermediary within the meaning of the Swiss AMLA.)
12. Related documents
Please also review our Terms of Use and Disclaimer for important information about using our website and services.
13. Changes to this Policy
We may update this Policy. Material changes will be announced on the website/by e‑mail. Continued use constitutes acceptance of the updated version.
14. Privacy contacts
Controller: International Legal Initiative Genève Address: Place de Longemalle 1, c/o MN & Associés SA, 1204 Genève, Switzerland E‑mail: costbackkz@gmail.com